CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
On July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem). CVE-2024-20419 is an unverified password change weakness in Cisco SSM On-Prem that allows an attacker to change the password of accounts without prior knowledge of the existing password.
At the time of this post there is no indication of exploitation in the wild, but exploit code is publicly available, which heightens the urgency to mitigate. Cisco updated its advisory on July 20, 2024 to reflect the availability of this exploit code.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.